Light Dark
February 19, 2021 By David Bisson 3 min read
Risk Management
Security Services

With manufacturing cybersecurity threats on the rise, what should companies know about protecting their digital assets in the future? 

Risks to Security in Manufacturing

The number of ransomware incidents involving the manufacturing sector increased 156% between the first quarters of 2019 and 2020. Later in 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company.

Ransomware isn’t the only threat to manufacturing cybersecurity. Where there’s ransomware, there’s almost always phishing. One campaign that targeted manufacturers, among others, was part of a larger effort to target the COVID-19 vaccine cold chain.

The issue with both ransomware and phishing is digital attackers can use these threats to steal their victims’ data. Malicious actors could compromise a manufacturer’s customer database and leverage those details to conduct follow-up attacks, such as manufacturing data breaches. Or, they could establish a foothold within the network and use that access to scout it out. They could then choose to sell that opening to a competing group, criminal enterprise or nation-state actor. They also could use it to conduct an attack of their own that could compromise business processes.

 IT-OT Convergence’s Role in Security Risks 

What’s important to note is the impact that these manufacturing cybersecurity issues could have on a business. For years, the impact was minimal. Manufacturing and other industrial sectors had no need to connect their industrial control systems (ICS) to the internet. At that time, the web was still growing. What they needed to do was make sure the physical processes that those ICS were watching were available. So, they kept them offline and away from threats that were beginning to take form.

Now, most businesses have a digital presence. Manufacturing cybersecurity needs are no different. They want real-time data, so they can monitor the state of their physical processes. This helps them perform preventive maintenance on equipment and minimize downtime. In order to do this, operational technology (OT), of which ICS are a type and information technology, are brought together. Manufacturers are turning to the Industrial Internet of things (IIoT) as a means of using the IT side of things to gain crucial insights into the way their OT is functioning.

But, there’s a problem. Many OT assets aren’t equipped to defend against today’s threats. Some of those assets are decades-old legacy systems that use proprietary protocols to talk to one another. As such, they can’t easily receive remote updates unless the owners take them offline. But doing that threatens the uptime of their physical processes. This makes it difficult for businesses to keep these assets secure as they go online via the ongoing IT-OT convergence. No doubt this contributes to the growth of digital threats confronting the industry, as discussed above.

Best Practices To Adopt To Combat Security Risks

It’s possible to overcome the challenges posed by security issues in the manufacturing industry. Business leaders just need to bring IT and OT together with a bit of care.

  1. First leverage the C-suite to clarify the roles and responsibilities of both IT and OT teams. They can then use pilot programs and cultural exchanges to slowly begin fostering teamwork between IT and OT. Plus, they can teach teams to share their challenges, needs and viewpoints with one another.
  2. Augment defenses of your entire system by:
    • Take inventory of all of your devices. Use that to determine which assets are most important.
    • Segment your network in a way that cuts down on risk — to legacy systems most of all — but still allows IT and OT to work together. These segments then give teams smaller sections within which they can implement network access controls along with network monitoring in order to defend against ransomware, phishing and other digital threats.
    • Use vulnerability management to patch all of the security weaknesses you can without taking key industrial assets offline.

Through due diligence like this, manufacturing cybersecurity problems can be solved.

 |  |  |  |  |  | 
David Bisson
Contributing Editor

More from Risk Management
April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

April 11, 2024

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature